Thanks, that makes sense (still haven't tried, just wanted to thank you right away!).

Reading that page, I notice one can change the port used. So, in theory, I could not install system Tor, and use the Tor Browser's Tor? Or would install apt-transport-tor always require Tor to be installed and running?

Well, to answer my own question, it is indeed possible to do
sudo nano /etc/apt/apt.conf

add the following line
Acquire::tor::proxy "socks5h://apt:apt@localhost:9150";

And it will use the Tor Browser's Tor. HOWEVER, you cannot uninstall the Tor binary from the system, as it is marked as a dependency of apt-transport-tor
So, you can not have it running but it has to be installed.

Also, another important notice, one must edit also other sources lines (such as PPA and stuff) to add "tor+" or else those will be done without Tor. Synaptic is a more clear way of doing so as it will show all the sources at once.

I also discovered that launchpad PPA can't use https, didn't know that. Is that even remotely secure??

All APT repositories are GPG-signed which makes it still possible for the package manager to verify that the integrity and detect alterations even if it comes over an insecure connection. The package manager should warn you if you're using packages from an unsigned repository.

Check out the program apt-key if you want to see more information on which GPG keys your system is trusting.